THE MATHEMATICS BETWEEN CYBER LAW &CYBER CRIME IN µINDIAN ARENA¶ GAURAV TIWARI INTRODUCTION:
The founding fathers of Internet barely had any proclivity that Internet could transform itself into an all pervading revolution which could be tainted for criminal activities and which required law. These days, there are many troubling incidents in cyberspace. Due to the mysterious nature of the Internet, it is probable to engage into a variety of criminal activi act ivities ties with impunity and peo ple with intelligence, have been hideously misusing this aspect of the Internet to perpetuate criminal activities in in cyberspace. . The advancement in this field field has been multiplying multiplying exponentially but cybercrimes are also thriving rapidly. Although generous progress progress in technology, uncertainty still prevails and the efforts to trace, identify and bring the criminal to books have not borne much fruit. If cybercrimes are not combated at the early stage, stage, the posterity will suffer suffer from the human values, which will have very damaging effects on the society at large and innocent individuals in particular.
1
The very character of crime itself has undergone complete
transformation. There is a conjectural shift in terms of the costs of criminal behaviour and the forms of criminality, criminality, which merits state attention. attention. The globalization of the world¶s economy and the resultant exponential increase in the way business is carried out has given rise to a new wave of crime, which requires more attention than traditional forms of violent crimes that currently command the vast share of state law law enforcement resources. Territorial boundaries boundaries are no longer the barriers, as it may also exist in cyberspace, where corporations, which serve computer and
1
M. Ponnaian,, July- September 2000 ³ Cyber crimes, Modern crimes and Human rights ´, P R P Journal of Human Rights, Vol. 4, at 13-14
telecommunications networks also also control access. The capacity of criminals criminals has been enhanced to carry out serious offences manifolds due to progress in computer and communications technologies and that too with a greatly diminished risk of apprehension. The defence mechanisms of states appear fragile when it comes to advanced technology, telecommunications and cyberspace. The concept of jurisdiction jurisdiction becomes meaningless meaningless when an individual individual has only an address on a computer network as identity. This century will therefore, be known not only for greater technological innovation, but also be remembered for unpreparedness of legal and law enforcement communities communities for the cyberspace crime, which is increasing unabated. The everexpanding financial resources of criminals will render them increasingly important players in 2
global financial markets.
With the advent of the internet, cyberlaw has become an emerging
field. Cyberlaw encompasses electronic commerce, freedom of expression, intellectual property rights, jurisdiction and choice of law, and privacy rights.
3
There have been various kinds of
computer and internet internet related crimes. crimes. In fact, the growth of crime on the internet internet is directly proportional to the growth of the internet itself, and so is the variety of crimes being committed 4
or attempted.
FUNDAMENTAL
PRINCIPLES O F CRIME
The fundamental principles of crime are founded on rules of equity, justice and fair play, which provide adequate guidelines for the formulation of a rational penal policy and at the same time ensure even-handed dispensation of justice justice to litigants. litigants. It is general principle of criminal criminal law
2
M.P. Shahi,(2000), ³Crime ³ Crime and Corruption in the Digital Age ´, at 27 J. Kaufman Winn and R. Warner, ³ Course: Law of the internet ´, Southern Methodist University School of La w at .htm> 4 ³Computer and internet Crimes ´, at 3
that a person may not be convicted of a crime unless the prosecution has proved beyond reasonable doubt that: y
He has caused a certain event, or responsibility is to be attributed to him for the existence of a certain state of affairs, which is forbidden by criminal law; and
y
He had a defined state of mind in relation to the causing of the event or the existence of the state of o f affairs.
Thus, a crime essentially consists of two elements, namely, actus reus and mens rea. rea.
ACTUS REUS
The word actus connotes, a physical result of human conduct. The actus reus includes all the elements in in the definition of the crime except the mental element of the accused.
It is is not
merely an act but may consist of o f a state of affairs affair s not including including an act at all. Actus reus is defined as ³such result of human co nduct as the law seeks to prevent´.5 The actus reus is made up generally, but not always, of conduct, and sometimes it¶s consequences and also the circumstances in which the conduct takes place, or which constitute the state of affairs, affairs, in so far as they are relevant. Sometimes a particular particular state of mind on the part of the victim is required required by the definition of the crime. If so, that state of mind mind is a part of the actus reus.6 Actus reus in internet crimes
The element of actus reus in internet crimes is relatively easy to identify, but is very difficult to prove. The fact of the occurrence of the act that can be termed as a crime can be said said to have taken place when a person is:
5
J.C. Smith and B. Hogan,(1988) ³ Criminal Law´, at 31-36 Thus, in the prosecution of rape the absence of consent on the part of the prosecutrix is an essential constituent of the actus reus. If the prosecution fails to prove such absence of consent the actus reus is not proved and the prosecution must fail. 6
y
making use of computer function;7
y
accessing data stored on a computer or from a computer which has access to data stored outside;8
y
attempt to gain access through internet or passes signals through various computers and made computers to perform a function on the instruction which the person gave to the 9
first computer in the chain. Such function can be said to constitute constitute actus reus. y
trying to login, even though attempts are are useless. useless.
For example, hackers hackers have an
automated system of trying passwords of different systems, the very running of which 10
can be considered to be a function being performed.
MENS REA
Mens rea is the second essential element, which constitutes crime is called ³a ³a guilty mind ´. This construalhad undergone gradual changes until modern modern criminal law came to regard a guilty guilty 11
mind of some kind or some other such mental element as always being necessary.
Mens rea
consist of a number of different mental attitudes including intention, recklessness and 12
negligence.
Intention refers to the state of mind of a man who not only foresees but also wills
the possible consequences consequences of his conduct. There cannot be intention intention unless there is is foresight, since a man who intends a particular act must have reasonable foresight of the consequences of
7
This is done by using i nput devices like the keyboard, mouse, etc A hacker uses an authorized person¶s password to l ogin to any company¶s main server, hoping to gai n access to the c ompany¶s customer details. The computer to which he logs in to stores these details in a huge data storage unit, which is, locate elsewhere. The data itsel f is stored on a magnetic tape. The processing unit of the computer computer retrieves the information the storage unit. The computer would be thought thought to include the magnetic tape, and so the data would still be considered as being µheld in a computer¶. See, C. Gringras,(1997) ³T he he Laws of the internet ´, at 216 9 For example, a hacker uses his computer to access an unauthorized account at an Internet Service Provider (ISP). It is enough for the prosecution to prove that either of the computers belonging to the hacker or the ISP were made to function. However, the prosecution would choose to prove that the ISP¶s computer was made to function only when it is not possible or extremely difficult for the prosecution to prove that the functioning of the ISP¶s computer was a result of the instructions given by the hacker unless there is other evidence to prove the same. 10 A hacker oversees a password being entered by someone logging in to a remote computer. The login prompt specifies that the user must be authorized to access the computer. Later, the hacker attempts to use the password himself, but fails owing to the remote computer allowing only one login each day. This would still be actus reus as the reje ction itself constitutes a function and this function was caused by the hacker using the password without authorization at the wrong time. 11 Smith and Hogan,(1988)Supra Hogan,(1988) Supra note 7 at 55 12 th J.W. Cecil Turner (ed.), Kenny¶s, ³ Outlines of Criminal Law ´, 18 ed., Cambridge University Press, Cambridge, at 31- 36 8
such act. Though intention cannot exist exist without foresight, foresight, the converse is not not necessarily true, i.e., there can be foresight foresight without intention. intention. A person who who does not intend intend to cause a harmful harmful result may may take an unjustifiable unjustifiable risk of causing causing it.
If a man man foresees the possible possible or even
probable consequences of his conduct and yet, without desiring them, still persists with such conduct, he knowingly runs the risk of bringing bringing about the unwished result. result. Such conduct may be defined as recklessness. Finally, a man man may bring about about an event without without having any intention or foresight. foresight. He may may never have considered the possible consequences of his conduct and the end result may come as a surprise even to him. him. Under Common Law, there is no no criminal liability for for harm caused by 13
one¶s inadvertent or unintended and unforeseen conduct. Mens rea in internet crimes
An essential ingredient for determining mens rea in internet crime, on the part of the offender is that he or she must have been aware at the time of causing the computer to perform the function that the access intended intended to be secured was unauthorized. There must be, on the part of the hacker, intention to secure access, though this intention can be directed at any computer and not at a particular computer. Thus, the hackerneed not be aware of which computer exactly he or she was attacking.
14
Further, this intention to secure access also need not be directed at any
particular or particular particular kind of, programme or data. data. It is is enough that the hacker intended intended to secure access to programmes or data per se.15
13
Professor Kenny gives the example of manslaughter cases where it has been laid down time and again that harm caused inadvertently does not carry criminal liability. Thus, he concludes that there are only only two states of mind, which constitute mens rea rea in criminal law, namely, intention and recklessness. Under Law of Torts harm caused by negligence is interpreted differently. The courts have evolved the concept of ³the reasonable man´ for determining liability in tort law. Thus, a person might be liable for harm caused by his negligence if the consequences of his conduct were foreseeable by a reasonable man in possession of all ordinary faculties and placed in the same circumstances. However, if the consequences were not foreseeable by such reasonable man, the n the person would not be guilty for the unintended consequences of his negligent act. 14 This suits the prosecution in matters relating to unauthorized access on the internet, because i t is often complicated to prove that a person intended to login to a particular computer. 15 Gringras,(1997)Supra Gringras,(1997)Supra note 10 at 221
Thus, there are two vital ingredients for mens rea for hackers or crackers who gain unauthorized access to the system: y
There must be unauthorized access intended to be secured;
y
The hacker should have been aware of the same at the time he or she tried to secure the access.
The second ingredient is easier to prove if the accused hacker is a person from outside who has no authority whatsoever to access the data stored in the computer or the computers; however, it is difficult to prove the same in the case ca se of a hacker with limited limited authority. autho rity.16 On deeper analysis one finds that our obsolete and primitive civil and criminal statutes of the Common Law vintage have somehow been made to subverse the ends of the present day Indian society primarily through judicial innovation innovation and ingenuity. Needless to add that such statutes are overdue for for a total review and replacement. The nature of cyber crimes and the skills involved are such that existing legal framework cannot do much to control and contain the same. In fact, the cyberspace technology has undermined to a major extent the traditional legal concepts like property and has impacted the rules of evidence like burden of proof, locus standi and concepts of µmens rea¶. Cybercrimes have set in a debate as to whether a new legislation is needed to deal with them or existing legal regime is flexible enough to effectively deals with this new form of criminality. Generally the countries that have shown concern to combat cybercrimes have adopted two
16
A common example of this is where the accused hacker is an employee of a company and is accused of using the companies Intranet outside their authority. The problem arises in such a case of a person who is entitled to limited access but not access of the kind in question i.e. he i s exceeding the limits of his authority. authority. The question to be asked here is whether the person knew that he was unauthorized unauthorized in that sense. The question of fact as to whether the hacker knew the limits of authority is often a finely balanced one. The difficulty with partial authority raises an issue of relevance for server operators also.
strategies, i.e., to approach computer crime both as traditional crime committed by/on high tech 17
computers and as crime unique in nature requiring new legal framework.
DEFINITION OF CYBERCRIMES
Cybercrime has recently become a catchy term for a group of security issues in cyberspace. However, despite its frequent frequent use there is no commonly commonly accepted definition. Surely, cybercrime is related to the realm of computers, however, there is no consensus on whether those computers have to be interconnected interconnected or not. Some definitions definitions exclude explicitly explicitly computer related crimes crimes that are not committed online, as they view cybercrime in the narrow sense, while others prefer broader definitions definitions including all kinds of computer computer related offenses. offenses. However, it is is evident that most computer crimes crimes are committed online. online. The UN Manual on the prevention and control of computer-related crime crime provides the following definition definition of cybercrime: Computer crime crime can involve activities that are traditional in nature, such as theft, fraud, forgery and mischief, all of which are generally subject everywhere to criminal criminal sanctions. The computer has also created a host of potentially new misuses or abuses that may, or should be criminal as well (UN 1994, par. 22).18 In July 1996, the UK National Nat ional Criminal Intelligence Service launched a study o f computer crime called Project Trawler. In the study the terms terms computer crime, information information technology crime and cybercrime are interchangeable. Project Trawler Trawler defines computer crime crime as follows: follows: An offence offence in which a computer network is directly and significantly instrumental in the commission of the crime. Computer interconnectivity is the essential characteristic (UKNCIS).19
17
In America 31 States have passed new legislations to deal with computer related crimes whereas others have amended the definitions of Larceny to include electronic media. See Michael D. Rostorker et al. ³Computer Jurisprudence, Legal Response to the Information Revolution´, (1986) at 344 In India also, the Indian P enal Code has been amended to cover computer related crimes a nd some such offences have been separately covered under the IT Act, 2000. See also, British Computer Misuse Act, 1990, Singapore Computer Misuse Act, 1993 (as amended 1998), Malaysian Computer Crimes Act, 1997. 18 > 19 >
According to UNO expert recommendations, the term of ³cybercrimes´ covers any crime committed by using computer systems or networks, within their frameworks or against them. Theoretically, it embraces embraces any crime crime that can be committed in the electronic environment. In other words, crimes committed by using e-computers against information processed and applied in the internet can be referred re ferred to cybercrimes. Cyber or Computer crimes are white-collar crimes and are committed by students, non professional computer programmers, business rivals, individuals having vested interest and criminals. To define such a crime, one has has to utter these these three points: y
When a computer co mputer is used in committing such a crime.
y
When computer technology is responsible for the wrongful loss and wrongful gain of two individuals in a single transaction.
y
When any person commi co mmits ts an of o f the following acts, he is guilty guilty of o f a computer crime: -
Knowingly or intentionally accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer database, computer, computer system, or computer network in order to(i) Devise or execute any unlawful scheme (ii) Devise to defraud, deceive, or extort, or (iii) Wrongfully control or obtain money, property, or data.
-
Knowingly or intentionally accesses and without permission takes, copies, or makes use of any data or computer database from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a co mputer, computer system, or computer network.
-
Knowingly or intentionally accesses and without permission adds, alters, damages, deletes, destroys any data, computer software, computer programs or computer database which reside or exist internal or external to a computer, computer system, or computer network.
-
Knowingly or intentionally accesses and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
-
Knowingly or intentionally accesses and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network.
-
Knowingly or intentionally accesses and with the intent to defraud, obtains, or attempts to obtain, or aids or abets another in obtaining, any commercial computer service by false representation, false statement, unauthorized charging to the account of another, by installing or tampering with any facilities or equipment or by any other means.
-
Knowingly or intentionally accesses and without permission accesses or causes to be accessed any computer, computer system, or computer network.
-
Knowingly or intentionally introduces or allows the introduction of any computer contaminant or computer virus into any computer, computer system, or computer network.20
CLASSIFICATIONS OF CYBERCRIMES: DI FFERENT BASIS
The internet with its speed and global access has made these crimes much easier, efficient, riskfree, cheap and profitable to commit. commit.
20
New crimes created with the internet internet itself or for
Suresh T. Viswanathan,(2001), ³ T he he Indian Cyber laws´, at 81-83
21
commission of old crimes or incidental for co mmission mmission of o f crime.
Broadly stated, µcybercrime¶
can be said to be an act of commission or omission, committed on or through or with the help of or connected with, the internet, whether directly or indirectly, which is prohibited by any law and for which punishment, monetary and/or corporal, is provided A) Internet crime: The internet crimes include that group of crimes that make criminal use of
the internet internet infrastructure. These are: y
Hacking (a) Theft of information (b) Theft of passwords (c) Theft of credit cards numbers (d) Launch of malicious programmes
y
Espionage
y
Spamming
B) Web based crime: Web based crimes have been categorized separately and have been further
classified separately and have been further classified into four subcategories. (a) Web site related crime y
Cheating and frauds
y
Insurance frauds
y
Gambling
y
Distribution of pornography
y
Sale of pirated software
(b) Crimes through e-mail
21
Vivek Sood,(2001), ³ Cyber Law Simplified ´ at 39
y
Threats
y
Extrotion
y
E-mail
y
Defamation
y
Launching of malicious programmes
bombing
(c) Usenet related crime y
Distribution/sale Distribution/sale of pornography pornog raphy material
y
Distribution/sale Distribution/sale of pirated p irated software
y
Discussion on methods of jacking
y
Sale of stolen credit card numbers nu mbers
y
Sale of stolen data
(d) Internet relay chat crime
y
y
Cyberstalking
y
Fraudsters use chat rooms for developing relations with unsuspecting vict ims
y
Criminals use it for meeting conspirators
y
Hackers use it for discussing their expertise of showing the t echniques
y
Pedophiles use chat rooms to allure small children.
22
Offences against the confidentiality, integrity and availability of computer data and systems (a) Illegal access (b) Illegal interception (c) Data interference
22
Subhas P. Rathore and Bharat B. Das,(2001) ³ Cyber Crimes: T he he emerging trends and Challenges, Souvenir, National Conference on Cyberlaws and Legal Education ´, NALSAR University of Law, at 56-57
(d) System interference (e) Illegal devices y
Offences related to computer (a) Computer-related forgery (b) Computer-related fraud (c) Computer sabotage (d) Cyberstalking
y
Offences related to contents (a) Offences related to child pornography (b) Offences related to infringements of copyright and related r ights
y
Offences related to crime on web (a) Computer network break-ins (b) Industrial espionage (c) Software piracy (d) Cyber pornography (e) Mail bombings (f) Password sniffers (g) Spoofing (h) Credit card fraud (i) Cybersquatting
CIVIL LIABILITY OR CRIMINAL LIABILITY IN CYBERCRIMES
The civil offences in Indian law impose only a liability for compensation to the person, who has suffered, while the criminal offences may be punished with imprisonment and fine payable to the
State. There are crimes, crimes, which as come under both civil civil wrong and criminal criminal offences so called as hybrids. Various cyber crimes are there, which are mainly categorized into two broad ways: Civil Liability: Civil liability provides remedy for compensation only which includes following
crimes, viz; y
Defamation
y
Cybersquatting
y
Internet time theft
y
Copyright theft
y
Design theft
y
Patent theft
y
Software piracy
y
Spamming
Criminal wrong: Criminal liability provides remedy of punishment to offenders as well as
compensation to victims; victims; y
Cyberstalking
y
Cyber pornography/Child pornography
y
Sending threatening emails
y
Hacking
y
Cracking
y
Sending malicious programmes
y
Denial of service attack
y
y
Network sabotage Sending virus and worms
y
Sending logic bombs, trojan horse, virus hoax
y
Cyber terrorism t errorism/Cyber /Cyber warfare
y
Cyber frauds
y
Cyber gambling
y
Cyber cheating
y
Forgery
y
Cyber money laundering
y
Credit card frauds
y
Information theft
y
Data theft
OBJECTIVES O F INFORMATION TECHNOLOGY ACT, 2000
The objectives of The Information Technology Act, 2000 are defined as: ³To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as ³electronic commerce´, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers¶ Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.´ In other words, the objectives are:y
To grant legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as ³electronic commerce´, in place of paper-based methods of communication;
y
To give legal recognition to Digital Signature for authentication of any information or matter which requires authentication under any law;
y
To facilitate electronic filing of documents with Government departments;
y
To facilitate electronic storage of data;
y
To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions;
y
To give legal recognition for keeping books of acco unt by Bankers in electronic form.
The first 17 sections of the Act are largely based on Model Law on
Electronic
Commerce
adopted by United United Nations Commission Commission on International Trade Law. It contains 94 clauses divided into XIII chapters. chapters. It has 4 schedules, schedules, Schedule I seeks to amend the Indian Penal Code; Code; Schedule II seeks to amend the Indian
E vidence
Act; Schedule III seeks to amend the Bankers¶
Book Evidence Act; and Schedule IV seeks to amend the Reserve Bank of India Act. Towards that end, the Act stipulates stipulates numerous provisions. provisions.
It aims aims to provide for for a legal
framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. SALIENT FEATURES OF THE INFORMATION TECHNOLOGY ACT, 2000
The Act has defined cybercrimes for the first time and provided for penalties, punishment and compensation for hacking, unauthorised access to computer networks, altering database, introducing computer viruses, disruption of services, copying of Intellectual Property Rights (IPR) protected software, tampering with electronic documents and committing electronic forgery. The IT Act has a provision of penalties penalties up to Rs. 1 crore crore for damaging computer systems and three-year jail term with with a fine of Rs. 2 lakhs for hackers. But these penalties don¶t mean much if the existing police investigating officers, forensic scientists, and the judiciary are
not familiar with the intricacies intricacies of the internet. The Act covers a totally uncharted field with no past experience even in other countries. Accordingly, future future modifications, based on experience, experience, are not ruled out. The salient features of the IT Act 2000 are as follows: y
Provides legal recognition to e-commerce, which means that contracts can be enforced.
y
Records can be kept in an electronic form. form. Written records also mean mean electronic records for the purposes of law.
y
Provides legal recognition recognition for digital signatures. Digital signatures to be authenticated by Certifying Authorities. Authorities.
Certifying Certifying Authorities Authorities to be overseen overseen by a Controller Controller of
Certifying Authoriti Author ities. es. y
Cyber crimes defined for the first time.
y
Adjudicating authorities to decide if cyber crimes have have been committed. committed. Also provide provide 23
cyber regulation advisory committee. y
The Information Technology Rules, 2000 provides The Information Technology (Certifying Authorities) Rules, 2000 and The Cyber Regulations Appellate Tribunal 24
(Procedure) Rules, 2000. y
Cyber Law Appellate Tribunal
25
to be set up to hear appeals against adjudicating
authorities. y
Amendment of Indian Penal Code (1860), Indian Evidence
See also Cyber Regulation Advisory Committee See also The Information Technology Rules, 2000 25 See also Cyber Regulations Appellate T ribunal (Procedure) Rules, 2000 26 See also Schedules to the Information Technology Act, 2000 24
Act (1872), Bankers¶ Book 26
Act (1891) and the Reserve Bank of India Act (1934) to bring them in tune
with the information technology regime.
23
Evidence
y
The Information Technology (Certifying Authorities) Rules, 2000 27 also stipulate the 28
Information Technology Security Guidelines in Schedule II. y
Also provide security guidelines
29
for the management and operation of Certifying
Authorities (CAs) and is aimed at protecting the integrity, confidentiality and availability of their services, data and systems. syste ms. The Act has paved the way for an exponential growth of e-commerce and other internet enabled services like like e-trading, e-shopping and e-banking. The provisions provisions of the Act do not apply apply to a negotiable instrument, a power of attorney, a trust, a will, and any contract for the sale or conveyance of immovable immovable property, or any interest interest in such property. property. It is significant that it it applies to any offence or contravention committed outside India by any person (irrespective of his nationality), if it involves a computer, computer system, or computer network located in India. It excludes network service service providers from from its ambit for any third party information (that is, any information dealt with by them in their capacity as intermediaries) or data made available by them, if they prove that the offence was committed without their knowledge, and they had taken all precautions to prevent such commission. However, more explicitly, explicitly, various computer crimes that are not yet defined in the Act may be taken up to deal with the rapid technological changes that would be taking place in future. The Information Technology Act 2000 being India¶s first cyber law is the central legislation, which has been passed by the Parliament of India. Interestingly, it applies not only to the whole of India including the State of Jammu & Kashmir but also applies to any contravention or violation committed committed thereunder by any person anywhere in in the world. State Governments have have also been given the powers to enact appropriate rules in in the field of Information Information Technology. In 27
See also The Information Technology (Certifying Authorities) Rules, 2000 See also Information Technology (IT) Security Guidelines 29 See also Security Guidelines for Certifying Authorities 28
fact, Section 90 of the IT Act categorically states that the State Government may, by notification in the official gazette, make rules to carry out the provisions of the Information Technology Act. The rules to be made by the State Governments may include the electronic forms through which common man communicates with the Go vernment Departments or the format in which electronic records shall be filed, created or issued and the manner of payment of any fee or charges for filing, creation creation or issue issue of any electronic record.
The State governments governments have appropriate
powers to legislate rules there under, apart from having powers to legislate on various steps enumerated in the State List, List, which is detailed in the Constitution Constitution of India. India. Of course, it it is imperative to note that every rule made by the State Government under Section 90 of the IT Act 30
shall immediately be laid before each House Ho use of the State legislature for approval.
In its resent form, the Act, therefore, not only recognizes the usefulness of e-commerce and provide the necessary safeguards for the transactions by creating a necessary legal framework but it also makes consequential amendments in the Indian Penal Code, Indian Evidence Act, Reserve Bank of India Act and Bankers Book of Evidence Act, so that the offences relating to documents and papers based transactions is made equal to the offences in respect of the transactions carried out through the electronic media and further to facilitate electronic funds transfer between the financial institutions and banks, and also to give legal sanctity to books of 31
accounts maintained in the electronic e lectronic form by the banks. JURISDICTION- THE CONCEPT
The effectiveness of a judicial system rests on core of regulations, which define every aspect of a system¶s functioning; functioning; and principally, its jurisdiction. A court must have jurisdiction, jurisdiction, venue and appropriate service of process in order to hear a case and render an effective judgement.
30 31
Pavan Duggal,(2002), ³CyberLaw³ CyberLaw- T he he Indian Perspective ´, at 1-5 U.K. Chaudhary,Jan 2001 , ³ Information ³ Information T echnology echnology Act, 2000: A step in the right direction ´, CS vol. 31 at 30-31
Jurisdiction is the power of a court to hear and determine a case. Without jurisdiction, jurisdiction, a court¶s judgement is ineffective ineffective and impotent. impotent. Such jurisdiction jurisdiction is essentially essentially of two types, namely namely subject matter jurisdiction jurisdiction and personal jurisdiction. Subject matter jurisdiction jurisdiction is defined as the competence of the court to hear and and determine a particular particular category of cases.
It requires
determination whether a claim is actionable in the court where the case is filed and personal jurisdiction is simply the competence of the court to determine a case against a particular category whether the person is subject to the court in which which the case is filed. filed.
These two
jurisdictions must must be conjunctively satisfied for for a judgement to take effect. It is the presence presence of jurisdiction that ensures the power of enforcement to a court and in the absence of such power, 32
the verdict of a court, co urt, is of little or no use.
INDIAN CONTEXT
The Information Technology Act, 2000 passed in India, is illustrative of the prevailing confusion in the area of jurisdiction jurisdiction in the context of the internet. Section 1 of the Information Technology Act, 2000, deals with the issue of applicability of this new law. Normally, the applicability of laws within India can be broad ly divided into the following major categories: 1. Laws applicable to all states of India barring barr ing Jammu & Kashmir. 2. Laws applicable only to Jammu & Kashmir. 3. Laws applicable to the ent ire country. Jammu & Kashmir has been granted a special status under the Constitution of India and special laws are applicable to that state. Keeping in mind the universal nature of the impact of computers and Internet, the legislature has decided that the IT Act 2000 shall be applicable to the whole of India including Jammu & Kashmir. 32
Nandan Kamath,(2000) ³ Law Relating to Computers internet & E-Commerce : A guide to Cyber Laws & the I T Act,2000 with Rules & Regulations´ at 20
The Act begins by saying, in clause (2) to section 1, that it shall extend to the whole of India and, save as otherwise provided in the Act, it applies also to any offence or contravention thereunder committed outside India India by any person. Clause (2) of section 75 of the Act simply simply states that, ³« this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India´.
Provisions Provisions of this nature are unlikely unlikely to be
effective for a number of reasons. Firstly, it is unfair to suggest that the moment an Indian computer system is used, an action defined by Indian laws as an ³offence´ would be subject subject to jurisdiction jurisdiction of Indian courts. To illustrate, let let us consider a web site located located in a foreign country. The site may host content that would be perfectly legal in its home country, but may be considered offensive or illegal in India. If an Indian chooses to view this site on a computer situated in India, does that mean the site can be prosecuted in an Indian Indian courts? This would appear to violate violate principles principles of justice.
As
explained earlier, the judicial trend of examining the amount of activity that a site undertakes in a particular jurisdiction jurisdiction is a far far more equitable method to determine determine jurisdiction. Further, even if Indian Courts are to claim jurisdiction and pass judgements on the basis of the principle expostulated by the IT Act, it is unlikely that foreign Courts will enforce these judgements since they would not accept the principles utilized by the Act as adequate to grant Indian courts jurisdiction. This would also render the Act ineffective. ineffective. The Indian jurisprudence with with regard to jurisdiction jurisdiction over the internet is is almost non-existent. non-existent. In the first place, as the result of the strongly unitary model of government prevalent in India, interstate disputes disputes never assume the level of private international international law. Hence, there has has been precious little little by way of development of private international international law rules in in India. Furthermore,
there have been few cases in the Indian courts where the need for the Indian courts to assume jurisdiction over a foreign foreign subject has arisen. arisen. Such jurisprudential development would however, however, become essential in the future, as the internet sets out to shrink borders and merge geographical and territorial restrictions restrictions on jurisdiction. It is worthwhile worthwhile to consider the issue of jurisdiction jurisdiction at two levels. In the first first place, given the manner in which foreign courts assume jurisdiction jurisdiction over the internet related issues (as evidenced by the cases discussed above), the consequences of a decree passed by a foreign foreign court against an Indian citizen must be examined. examined. In other words, under what circumstance can the decision of a foreign court be enforced against an Indian citizen or a person resident resident in India? It is necessary to examine examine the circumstance under which the Indian courts would assume jurisdiction over foreign citizens in order to better understand the rights of an Indian citizen who is affected by the act of a foreign citizen.
CYBERJURISDICTION IN INFORMATION TECHNOLOGY ACT, 2000
However, the law has gone much further. It shall also apply to any violation or contravention of the provisions of this Act done by any person anywhere in the world. By means of this provision, the law is assuming jurisdiction over violators of The Information Technology Act, 2000 outside the territorial boundaries of India. This provision is explained perhaps by the unique nature of cyberspace, which knows knows no boundaries. boundaries. The Information Information Technology Act, 2000 specifically provides that unless otherwise provided in the Act, the Act also applies to any offence or contravention thereunder committed outside India by any person irrespective of his nationality.
33
It is however clarified that the Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention, involves a 33
Sec. 1(2) of IT Act, 2000
34
computer, computer system or computer network, located in India.
The words ³act or conduct
constituting the offence or contravention involves a computer, computer system or computer network located in India´ are very significant to determine jurisdiction ofthe IT Act over acts committed outside outside India.
For assuming assuming jurisdiction over an act constituting an offence or
contravention under the IT Act, which is committed outside India, it has to be proved that the said act involves involves a computer, computer, computer system system or computer computer network located in in India.
For
instance, where a website is created in the US which contains pornographic material, it shall not give the IT Act jurisdiction to question the site unless the creation or maintenance or running ofthe site site involves a computer, computer system system or computer computer network located located in India. But where the said website uses a server or any other computer network located in India, the IT Act would assume jurisdiction jurisdiction to question the website under section section 67 of the IT Act. Another instance to explain the jurisdiction of the IT Act is where a person from the US hacks a computer system or network in India, section 66 of the IT Act would come into play to punish the accused for hacking because his act involves a computer in India. India. Similarly, Similarly, where a person anywhere in the world plants a virus into a computer system located in India, he would be liable under section 43(c) of the IT Act to pay damages by way of compensation net exceeding Rs 1 crore to the victim. Section 75 of the IT Act is restricted only to those offences or contraventions provided therein and not to other offences under other laws laws such as the Indian Penal Penal Code, 1860. Jurisdiction over other cyber crimes, for instance under the Indian Penal Code, 1860, has to be determined by the provisions provisions of the Criminal Procedure Code, 1973. The fundamental principle on jurisdiction jurisdiction is the same under the IT Act35 and the Criminal Procedure Code, 1973, though stated differently.
34 35
Sec. 75 of IT Act, 2000 Sec. 1(2) r/w Sec 75 of IT Act, 2000
The basic legal principle of jurisdiction under the Code of Criminal Procedure, 1973 is that every offence shall ordinarily be inquired into and tried by a court within whose local jurisdiction it was committed.
36
These principles in the Code of Criminal Procedure, 1973 apply for
determining jurisdiction in trial by courts as well well as in investigation investigation by the police. In a case where an offence is committed in more places than one, or partly in one place and partly in another, or where it is continuing and continues to be committed in more than one local area, or where the offence consists of several acts done in different local areas, then it may be inquired into or tried by a court having jurisdiction over either of such areas.
37
In the event where it is
uncertain in which of several areas the offence was committed, again it may be inquired into or 38
tried by a court having jurisdiction over either of such areas of uncertainty.
In a case where an act is an offence by reason of anything, which has been done and of a consequence, which has ensued, the offence may be inquired into or tried by a court within 39
whose local jurisdiction such act has been done or such consequence has ensued.
For instance,
in a case of defamation, either of the courts, i.e. of the place from where the defamatory letter was e-mailed and the place at which it was published or received, if different, shall have jurisdiction to inquire and and try the same. To cite another instance; where in pursuance of misrepmisrepresentation by A through e-mail from place X, property was delivered at place Y, A can be tried for the offence of cheating either either at place X or Y. In a case where a person in Bombay does an act of hacking of a co mputer system located in Delhi, he may be t ried either in Bombay or Delhi. Delhi. In a case where an act is an offence by reason of its relation to any other act which is also an offence or which would be an offence if the doer was capable of committing an offence, the first mentioned offence may be inquired into or tried by a court within whose local jurisdiction either 36
Sec. 177 of Cr.P.C., 1973 Sec. 178 of Cr.P.C., 1973 38 Sec. 178(a) of Cr.P.C., 1973 39 Sec. 179 of Cr.P.C., 1973 37
of the acts was done. For instance, instance, in a case of manufacture of sub-standard sub-standard fertilizer in place place X, which is marketed through e-commerce at place Y, prosecution can be launched at either of the said places because the marketing of the sub-standard fertilizer is an offence by reason of substandard manufacture. Certain specified offences have been required by law to be inquired into or tried in certain 40
places.
For instance, an offence of criminal misappropriation or of criminal breach of trust,
may be inquired into or tried by a court within whose local jurisdiction the offence was committed or any part of the property which is the subject of the offence was received or retained or was required to be returned or accounted for, by the accused person.41 For example, if an employee of a company based at Delhi, by operating through the internet bank account of his employer company in a Bombay bank, transfers funds to his account at Calcutta, the case of misappropriation can be tried either at Delhi or Bombay where the offence was partially committed or at Calcutta where the t he money was received and retained. The law also provides that in the case of any offence which includes cheating, if the deception is practiced by means of letters or telecommunication messages, it may be inquired into or tried by any court within whose jurisdiction such letters or messages were sent or where the same were received.
42
Moreover, any offence of cheating and dishonestly inducing delivery of property
may be inquired into or tried by a court having jurisdiction on the place where the property was delivered by the person deceived or where it was received by the accused person.43 In a case where two or more courts take cognizance of the same offence and a question arises as to which of the courts has jurisdiction to inquire into or try that offence, this question shall be
40
Sec. 180 of Cr.P.C., 1973 Sec. 181 of Cr.P.C., 1973 42 Sec. 182 of Cr.P.C., 1973 43 Sec. 182 of Cr.P.C., 1973 41
44
decided by the High Court, under whose jurisdiction both such courts function.
However, if
the courts are not subordinate to the same High Court, the question of jurisdiction shall be decided by the High Court within whose appellate criminal jurisdiction the proceedings were first commenced.45 In such circumstances, all other proceedings with respect to that offence shall be discontinued. Where two or more more courts have jurisdiction jurisdiction over an offence, the choice of the court for institution institution of the case lies lies with the complainant. complainant. He will obviously choose the forum, which is most convenient for him and most inconvenient for the accused. The law of jurisdiction stated in the Criminal Procedure Code, 1973 and section 75 of the IT Act, 2000, as discussed herein, is clear, specific and covers different situations which are likely to generally arise in cyber crime cases. The internet by its its nature and purpose operates when when the parties interacting interacting or transacting are are not physically face face to face with with one another. Due to the global access of the internet, cyber crimes generally tend to transcend or disregard geographical boundaries. These factors imply that in most most cases of cyber crime, except where insiders insiders are involved, there would be two or more places, one from where the cyber criminal inflicts the injury-for instance hacks, and the place where the injury is inflicted-for instance at the location of the victim computer, which is hacked. This is in contrast to traditional crimes of rape, murder and kidnapping where the criminal and the victim are at the same place. Moreover, every criminal makes all possible attempts to conceal his his identity and place of operation. operation. Alibi is is a common defence in criminal matters. This basic tendency of a criminal criminal coupled with the permissible anonymity anonymity provided by the internet makes makes the cyber criminal criminal almost almost invisible. Thus, in terms of practical application of the law of jurisdiction over cyber crimes, in most cases, the
44 45
Sec. 186 (a) of Cr.P.C., 1973 Sec. 186 (b) of Cr.P.C., 1973
place of jurisdiction shall be where the victim is inflicted with the injury, whether personally, for instance by fraud, or on his computer, computer system or computer network. There is a valid point po int in the criticism that such a law assuming extra territorial jurisdiction passed by the legislature is not enforceable in the real world. It is contrary to the principles of international law to assume jurisdiction over citizens of another country, and so, it is likely to lead to conflict of jurisdiction of different courts situated in different national jurisdictions. Also it is important to note that there are differences between national legislations, laws, legal processes and procedures. Further compounding the problem is the issue that a particular act in one national jurisdiction is legal and not barred by law but the same activity is illegal and barred by law, prevailing in another national jurisdiction. Another ground of criticism has been that Section 1 does not lay down the parameters of how such a provision would be enforceable in practical terms across transnational boundaries and jurisdictions. Governments can take recourse to the extradition process to bring to book the cyber criminals outside the territorial jurisdiction of their country, provided there is a valid extradition treaty in place between the relevant countries. But the route, as stipulated in Section 1 of the IT Act, 2000 is likely to throw up a complex arena of difficulties in actual day-to-day implementation. The existing international law pertaining to sovereignty of a nation also details that a sovereign notion can make laws affecting people who reside within its territorial boundaries. However, the birth of Internet has seen geography become history and transactions taking place over networks are transnational in in nature, thereby complicating the entire issue issue of jurisdiction. jurisdiction. This becomes all the more evident from the emerging principles from various judgments relating to Jurisdiction over Internet. From the beginning of Internet, the issue of jurisdiction has continued to challenge
legal minds, societies and nations in the context of the peculiarly inherent character of the Internet. Section 1(2) and Section 75 of the IT Act, Act, 2000 provide for extra-territorial extra-territorial jurisdiction jurisdiction of the Indian courts, which, which, however, seem implausible to be implemented. implemented. The courts in in India at present have not been uniform in following the US trend of asserting jurisdiction on the basis of active accessibility of site. So far, in various Internet domain names related cases, the Delhi High Court has assumed jurisdiction merely on the basis of accessibility accessibility of Internet. I nternet. In the famous Yahoo! France case entitled Yahoo! Inc. v. La Ligue Contre Le Racisme et L 46
µAntisemitisme , the judicial thinking on jurisdiction jurisdiction got further refined. This judgment has far
reaching significance and consequences on the entire subject of jurisdiction. Till now, the courts anywhere in the world could assume and were assuming jurisdiction on Internet transactions and websites that were located outsi o utside de the country. co untry. This decision underlines the principle that even if a foreign court passes a judgment or direction against a legal entity of a particular country say country A, then that judgment or direction would not be applicable automatically to country A¶s legal entities or citizens. The decision or direction of the foreign court will need to be scrutinized by country A¶s courts keeping in mind the touch stone and basic principles enshrined in the Constitution of the country as also enshrined in the local laws of that country, co untry, before it can be enforceable in countr y A. It is evident that the courts are looking into the totality of the circumstances when determining whether to exercise exercise jurisdiction over individuals individuals involved in Internet related related activities. However, the coming of the Zippo case in the US changed the legal principles concerning assuming of jurisdiction. In this case, the American Court decided that there must be ³something more´ than mere Internet access in order to enable the court to assume jurisdiction. It is yet to be seen how the Indian approach on jurisdiction emerges with the coming of the IT Act, specially Section 1 46
2001 U.s. Dist. L EXIS 18378 (N.D. Cal. 2001) & 145 F. Supp. 2d 1168 (N.D.Cal. 2001)
(2) and Section 75 (1) of its provisions, which specifically provides for its extraterritorial jurisdiction. This extraterritorial jurisdiction all across the world can be exercised if the offence or contravention of the IT Act concerns or impacts or affects a computer, computer system or computer network which is located in India. In practical terms, such an extraterritorial jurisdiction can hardly be enforced given the present growth and context of international Law, Cyber law and cyber space. As per sub-section (3) of Section 1, the Information Technology Act, 2000 shall came into force on such date as the Central Government may by notification notification appoint. The Central Government th
issued a notification on 17 October 2000 bringing into force The Information Technology Act, 2000. POSITIVE ASPECTS O F THE INFORMATION TECHNOLOGY ACT, 2000
The Information Technology Act, 2000 is a laudable effort to create the necessary legal infrastructure for promotion promotion and growth of electronic commerce. commerce. Prior to the coming coming into effect of the IT Act, 2000, the judiciary in India was reluctant to accept electronic records and communications as evidence.
Even
email was not accepted under the prevailing statutes of India
as an accepted legal form form of communication and as evidence in a court of law. The IT Act, 2000 changed this scenario by legal recognition of the electronic format. Indeed, the IT Act, 2000 is a step forward. From the perspective of the corporate sector, the IT Act 2000 and its provisions contain the following positive aspects: 1. The implications of these provisions for the corporate sector are that email is now be a valid and legal form of communication in our country, which can be duly produced and proved in a court of law. law. The corporates today thrive thrive on email, not not only as the form form of
communication with entities outside the company but also as an indispensable tool for intra company communication. Corporates ought to understand understand that they shall need to be more careful while writing emails, whether outside the company or within, as emails, in whatever language, could be proved as a legal document in a court of law, sometimes to the detriment of the company.
Even
intra company notes and memos, till now used only
for official purposes, shall come within the ambit of the IT Act, 2000 and will be admissible as evidence evidence in a court of law. A lot would would of course depend upon how these these emails are proved in a co urt of law. 2. Companies shall be able to carry out electronic commerce using the legal infrastructure provided by the IT Act, 2000. Till the coming coming into effect of the Indian cyberlaw, the growth of electronic commerce was impeded in our country basically because there was no legal infrastructure to regulate commercial transactions online. 3. Corporate will now be able to use digital signatures to carry out their transactions online as legal validity and sanction given under the IT Act, 2000. 4. The IT Act, 2000 also throws open the doors for the entry of corporate in the business of being Certifying Authorities Authorities for for issuing Digital Signature Certificates. The law does not not make any distinction between any legal entity for being appointed as a Certifying Authority so long as the norms stipulated by the IT Act, 2000, rules and regulations made thereunder have been followed. 5. The Act also enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate government in the electronic form as may be prescribed by the appropriate government, thereby saving costs, time and wastage of precious manpower.
6. Corporate is mandated by different laws of the country, to keep and retain, valuable and corporate information. information.
The IT Act, 2000 enables companies legally legally to retain the
information in the electronic form, if y
the information contained therein remains accessible so as to be usable for a subsequent reference;
y
the electronic record is retained in the format in which it was originally generated, sent or received or in a format, which can be demonstrated to represent accurately the information originally generated, sent or rece ived;
y
the details, which will facilitate the identification of the origin, destination, date and time of despatch or receipt of such electronic record, are available in the electronic record.
7. The IT Act, 2000 addresses important issues of security, which are so critical to the success of electronic transactions. The Act has given legal definition definition to the concept of secure digital signatures, which would be required to have been passed through a system of a security security procedure, as agreed to by the parties concerned. In times to come, secure digital signatures shall playa major role in the New
Economy,
particularly from the
perspective of the corporate sector, as they will enable more secure transacti tr ansactions ons online.
GREY AREAS O F THE INFORMATION TECHNOLOGY ACT, 2000
1.The IT Act, 2000 purports to be applicable to not only the whole of India but also to any offence or contravention thereunder thereunder committed outside outside India by any person. This provision provision in Section 1 (2) is not clearly drafted. It is not clear as to how and in what particular manner, the Act shall apply to any offence or contravention thereunder committed outside India by any
person. 2. There is no logic in excluding negotiable instruments from the applicability of the IT Act, 2000. The net effect of this exclusion is that any dispute regarding payments, payments, received by means of any negotiable instruments for an e-commerce transaction, are excluded from the protection of the IT Act, Act, 2000.
It refers refers to promoting promoting electronic commerce commerce and begins by excluding
immovable property from the ambit of o f electronic commerce, a reasoning that defies logic. 3. The IT Act, 2000 has failed to legalize legalize electronic fund transfer transfer in the country. The IT Act, 2000 does not recognize the concept of electronic payments, digital cash, electronic cash, electronic money or other existing systems of electro nic payments. 4. Domain names have not been defined and the rights and liabilities of domain name owners do not find any mention in the law . 5. The IT Act, 2000 does not deal with any issues concerning the protection of Intellectual Property Rights. 6. The language of Section 40 of the IT IT Act, 2000. Section 40 provides for for generating key pairs in Chapter VIII dealing dealing with the duties of subscribers. It states that where where any Digital Signature Certificate, the public key of which corresponds to the private key of the subscriber, which is to be listed in the Digital Signature Certificate, has been accepted by a subscriber, then, the subscriber shall generate the key pair by applying the security procedure. The entire wording of Section 40 is faulty and has been shown in such a way as to denote that the acceptance of the Digital Signature Certificate precedes the generation of ke y pair by the subscriber. 7. IT Act, 2000 covers only a limited number of cyber crimes such as damage to computer source code, hacking, publishing obscene electronic information, breach of protected systems, publishing Digital Signature Certificates false in certain particulars or for fraudulent purposes.
Barring these offences, offences, no other cyber crimes crimes are covered under the IT Act. The IT Act 2000 does not cover various cybercrimes including cyber stalking, cyber harassment, cyber defamation, cyber terrorism, spamming, cyber fraud, cyber gambling, Theft of internet hours, Cyber theft, Cyber Cheating, Cyberventing, Credit Card Fraud, Cyber Forgery, Identity Fraud, E-mail
Spoofing, Credit Card Fraud, Chat room abuse, Cyber Money Laundering, Password
Sniffing, Spamming,
Electronic E vesdropping,
Child Pornography, Mail Bombing,
E-mail
Scams, etc. 8. The IT Act, 2000 is silent on covering all kinds of o f offences dealing with abuses of chat rooms. 9. The IT Act, 2000 is that it is silent on the issue of online credit card payments, misuse and misappropriation of credit card numbers online. 10. The IT Act, 2000 is completely silent about the bailability or otherwise of the offences prescribed in Chapter XI. XI. There is no categorical mention at any point in Chapter XI from from Section 65 till Section 78 as to whether the offences prescribed under the sections are bailable or not. 11. The Information Technology Act, 2000 has not tackled several vital issues pertaining to ecommerce sphere like like privacy and content regulation to name name a few. Privacy issues issues have not been touched at all. The right to privacy is recognized as a fundamental right under Article 21 of the Constitution. CHALLENGES O F CYBER CRIME IN INDIA
Cyber crime in India is no longer an illusion. illusion. The situation could go out of hand hand if computer users, both in the government and the private sector, do not sit up and brace themselves to the challenge. For the police, the temptation especially to view attacks on computer systems, as just just
another form of crime crime is great. great. Three aspects of cyber crime deserve focused focused attention. These are: y
the legal safeguards that are available;
y
the adequacy of tra ining of prosecutors and the judiciary; and
y
the nature of links forged by the Indian police with foreign law enforcement agencies so that cooperation in matters of investigation and t raining is readily forthcoming.
Cyber crime does not recognise recognise national borders. More than 30 countries countries have separate laws in their statute book book to check this menace. This Act is solely meant to quell quell cyber crime. crime. It is a piece of legislation intended mainly to lend legal recognition to e-commerce. It is also meant to facilitate electronic filing filing of documents with the government government agencies. The Indian Penal Code is so well drafted that offences not listed in the IT Act right now can still be tackled through it, till such time we are convinced that the IT Act needs to be recast in order to cope with the expanding contours of cybercrime. cybercrime. We may also have to examine whether we need more than one enactment. The volume and nature of cybercrime in our country would would demand in course of time a variety variety of laws. laws.
Apart from from private digital digital enterprises, enterprises, law enforcement agencies
including the Central Bureau of Investigation (CBI), the
Enforcement
Directorate, the
Directorate of Revenue Intelligence and the Income-Tax Investigation Wing, could provide valuable inputs to the government.
There is also the need to draw from the international
experience. No systematic effort has been made till now to impart impart training to prosecutors and and judges, although there is is evidence of their keenness to become become knowledgeable. Possibly, Possibly, the initiative may have to come from law enforcement agencies that have quality instructors and training institutions. institutions. It is is not difficult difficult to to draft special special capsules capsules for this purpose. Policing in cyber space was a challenging job.
CONCLUSION
In sum, though cyber space is a global phenomenon that cannot be easily tackled but the Information Technology Act, 2000 is a great step forward and it is the right initiative at the right time. There is is no no doubt that such a law is absolutely necessary necessary in the country today. today. The medium that the Act seeks to regulate and facilitate has so profound an impact on human life that it is beyond beyond the comprehension of contemporary visionaries. visionaries. It is perhaps only in hindsight, hindsight, several years later, that the extent and scale scale of the impact could be gauged. It could not therefore therefore have been allowed to run lawlessly without any system of checks and without clearly defined rights and liabilities liabilities and forums in which to enforce them effectively. effectively. The law has not, therefore, come a moment too soon and it is sincerely hoped that the Act would pave way for proper legal control regime at national level.
